2 new scripts

rep · Jun 27, 2013 · 92257bb · 92257bb
1 parent 7892a6c
commit 92257bb
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 0 deletions.
diff --git a/acksyns.py b/acksyns.py
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+
+import sys
+import os
+import struct
+
+from scapy.all import IP, TCP, send, sniff
+
+IFACE = "vboxnet0"
+MYIP = "192.168.56.1"
+IGNORE_PORTS = [22,]
+
+def rand32():
+	return struct.unpack("I", os.urandom(4))[0]
+
+def iptables_drop_resets():
+	os.system("iptables -A OUTPUT -o {0} -p tcp -s {1} --tcp-flags RST RST -j DROP".format(IFACE, MYIP))
+
+def main():
+	iptables_drop_resets()
+
+	def pcb(p):
+		if not p.haslayer(TCP):
+			return
+
+		ipl = p.getlayer(IP)
+		tcpl = p.getlayer(TCP)
+
+		print p.summary()
+
+		if tcpl.flags == 2 and ipl.dst == MYIP and not tcpl.dport in IGNORE_PORTS:
+			print "SYN from", ipl.src, tcpl.sport, "to port", tcpl.dport
+			rp = IP(src=ipl.dst, dst=ipl.src, flags='DF', id=0)/TCP(sport=tcpl.dport, dport=tcpl.sport, ack=tcpl.seq+1, seq=rand32(), flags="SA")
+			send(rp)
+
+	# for some reason the bpf does not work sometimes...
+	ps = sniff(store=0, iface=IFACE, prn=pcb, filter="tcp")
+
+	return 0
+
+if __name__ == "__main__":
+	try: sys.exit(main())
+	except KeyboardInterrupt: pass
diff --git a/fakedns.py b/fakedns.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+import sys
+import socket
+
+from scapy.all import DNS, DNSRR, DNSQR
+
+ANSWER_WITH = "192.168.56.1"
+BIND_TO = ANSWER_WITH
+
+def resolve_or_fake(name):
+    try: r = socket.gethostbyname(name)
+    except socket.gaierror: return ANSWER_WITH
+    return r or ANSWER_WITH
+
+def main():
+    udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    udps.bind((BIND_TO,53))
+
+    while 1:
+        data, addr = udps.recvfrom(1024)
+
+        p = DNS(data)
+
+        rp = DNS(id=p.id, qr=1, qdcount=p.qdcount)
+        rp.qd = p[DNSQR]
+
+        if p.opcode == 0:
+            rp.ancount = 1
+            rp.rcode = 0
+            answer_ip = resolve_or_fake(p.qd[0].qname)
+            rp.an = DNSRR(rrname=p.qd[0].qname, ttl=60, rdlen=4, rdata=answer_ip)
+            print " - Responding to {0} with {1}.".format(p.qd[0].qname, answer_ip)
+        else:
+            # servfail
+            rp.ancount = 0
+            rp.rcode = 2
+            print " ! Query opcode {0}, answering servfail.".format(p.opcode)
+
+        udps.sendto(rp.build(), addr)
+
+if __name__ == "__main__":
+    try: sys.exit(main())
+    except KeyboardInterrupt: pass